<h1>Ddostf botnet attacks MySQL servers</h1>
<p><em>Published 2023-11-18 at <a href="https://sajberinfo.com/en/2023/11/18/ddostf-botnet-napada-mysql-servere/">https://sajberinfo.com/en/2023/11/18/ddostf-botnet-napada-mysql-servere/</a>; category: Chronicles; tags: botnet, ddos, ddostf, mysql.</em></p>
<p>A malicious <a href="https://sajberinfo.com/en/2022/04/24/botnet/" target="_blank" rel="nofollow noopener"><em>botnet</em></a> named <em>Ddostf</em> is currently ramping up its attacks, specifically targeting <em>MySQL</em> servers in order to enlist them into a <em>DDoS-as-a-Service</em> platform that other threat actors can rent.</p>
<div id="attachment_5680" class="wp-caption aligncenter"><img src="https://sajberinfo.com/wp-content/uploads/2023/11/Ddostf-Botnet-napada-MySQL-servere.jpg" alt="Ddostf Botnet on MySQL Servers" width="1024" height="1024" /><p id="caption-attachment-5680" class="wp-caption-text"><em>Ddostf botnet attacks MySQL servers; Source: Bing Image Creator</em></p></div>
<p>The activity was discovered by researchers at the <em>AhnLab Security Emergency Response Center</em> (<em>ASEC</em>). It exposes the shady foundations of a class of threats that either exploit vulnerabilities in <em>MySQL</em> environments or take over weak administrator credentials through <a href="https://sajberinfo.com/en/2023/09/07/brute-force-attack/" target="_blank" rel="nofollow noopener">brute force attacks</a>.</p>
<h2><strong>DDOSTF BOTNET: ORIGIN</strong></h2>
<p>The <em>Ddostf</em> <em>botnet</em> is of Chinese origin and has been active for roughly seven years. It is not limited to a single operating system: it targets both <em>Linux</em> and <em>Windows</em>. On <em>Windows</em> it establishes persistence by registering itself as a system service, then decrypts its command-and-control (<em>C2</em>) configuration to set up the connection; its ability to connect to a new <em>C2</em> address when the current one goes away makes it resilient to takedown.</p>
<p>The bot collects information about the infected machine, such as CPU frequency, language settings, <em>Windows</em> version and network speed, and sends it to its <em>C2</em> server. The server can then instruct the bot client to launch various <a href="https://sajberinfo.com/en/2022/04/25/ddos/" target="_blank" rel="nofollow noopener"><em>DDoS</em> attacks</a>, including <em>SYN flood</em>, <em>UDP flood</em> and <em>HTTP GET/POST flood</em>.</p>
<h2><strong>DDOSTF BOTNET: HOW IT WORKS</strong></h2>
<p>The <a href="https://sajberinfo.com/en/2022/03/19/hakeri-crni-sesiri-epizoda-3/" target="_blank" rel="nofollow noopener">threat actors</a> behind the <em>Ddostf botnet</em> <a href="https://sajberinfo.com/en/2023/03/24/povrsina-napada-uvod-epizoda-1/" target="_blank" rel="nofollow noopener">systematically scan the Internet</a> for vulnerable <em>MySQL</em> servers, using a two-pronged approach: exploiting vulnerabilities on systems that have not been patched, and aggressively guessing weak <a href="https://sajberinfo.com/en/2019/02/24/lozinka-password-sifra/" target="_blank" rel="nofollow noopener">passwords</a> of administrator accounts. On <em>Windows</em>-based <em>MySQL</em> servers, the attackers then use a technique known as user-defined functions (<em>UDF</em>) to execute commands on the compromised system.</p>
<p>User-defined functions are a <em>MySQL</em> feature that lets users write functions in <em>C</em> or <em>C++</em>, compile them into a shared library (a dynamic link library, <em>DLL</em>, on <em>Windows</em>; a <em>.so</em> file on <em>Linux</em>) and load them into the server to extend its functionality. In this attack the adversaries build their own malicious UDF, register it from a <em>DLL</em> file (<em>amd.dll</em>), and thereby give themselves functions for downloading a <a href="https://sajberinfo.com/en/2023/04/11/payload/" target="_blank" rel="nofollow noopener">payload</a>, executing system-level commands and sending the command output back to the attackers. Two details matter for defenders: the server only loads a UDF library from its plugin directory (<em>plugin_dir</em>), and registering a function requires a privileged database account, which is why a brute-forced administrator login is the prerequisite for the whole chain. Once loaded, the library runs inside the <em>mysqld</em> process with all of its operating-system privileges.</p>
<p>This abuse of user-defined functions not only delivers the primary payload, the <em>Ddostf bot</em> client, but also opens the door to installing other malware, exfiltrating data and creating a <a href="https://sajberinfo.com/en/2023/04/11/backdoor/" target="_blank" rel="nofollow noopener">backdoor</a> for persistent access.</p>
<h2><strong>PROTECTION</strong></h2>
<p>To defend against such attacks, <em>MySQL</em> server administrators should promptly apply the latest available updates and enforce a robust password policy that protects administrator accounts against brute force and dictionary attacks. In addition, do not expose the <em>MySQL</em> listener (port 3306/TCP by default) to the Internet, periodically audit the <em>mysql.func</em> table and the contents of <em>plugin_dir</em> for libraries you did not install, and run <em>mysqld</em> under a dedicated low-privilege account rather than as an administrator, so that a loaded UDF cannot take over the host.</p>
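<p>The two precursors described above, password guessing against <em>MySQL</em> and the registration of a UDF library with <em>CREATE FUNCTION ... SONAME</em>, both leave traces in the server's own logs. The following detector is an added example written for this page; it is not ASEC's code nor anything the page attributes to the <em>Ddostf</em> operators. It runs over constructed sample lines in the format of the MySQL general query log and error log. The <em>INTO DUMPFILE</em> write into <em>plugin_dir</em> is a generic UDF-staging pattern included for completeness; the page itself only says that the DLL <em>amd.dll</em> is registered, not how it gets onto disk.</p>

```python
"""Detection of UDF registration and brute-force logins in MySQL logs.

Added example for this page (not ASEC's or the author's code).  All log
lines below are constructed; they imitate the MySQL general query log
(general_log=ON) and the error log, not a real incident.
"""
import re
from collections import Counter

# Constructed general query log.  One line per statement:
# <timestamp> <thread id> <command> <argument>
GENERAL_LOG = """\
2023-11-18T20:40:01.000001Z    12 Connect   root@203.0.113.7 on  using TCP/IP
2023-11-18T20:40:01.000002Z    12 Query     SELECT @@version_compile_os, @@plugin_dir
2023-11-18T20:40:02.000003Z    12 Query     SELECT 0x4d5a90 INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 8.0/lib/plugin/amd.dll'
2023-11-18T20:40:03.000004Z    12 Query     CREATE FUNCTION sys_exec RETURNS INTEGER SONAME 'amd.dll'
2023-11-18T20:40:04.000005Z    13 Query     SELECT name, dl FROM mysql.func
2023-11-18T20:41:00.000006Z    14 Query     SELECT id FROM orders WHERE customer = 'acme'
"""

# Constructed error log: one host hammering root, one unrelated failure.
ERROR_LOG = """\
2023-11-18T20:39:50.000001Z 9 [Note] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2023-11-18T20:39:51.000002Z 10 [Note] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2023-11-18T20:39:52.000003Z 11 [Note] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2023-11-18T20:39:53.000004Z 12 [Note] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2023-11-18T20:39:54.000005Z 13 [Note] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2023-11-18T20:39:55.000006Z 14 [Note] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2023-11-18T20:39:58.000007Z 15 [Note] [Server] Access denied for user 'app'@'198.51.100.2' (using password: YES)
"""

GENERAL_LINE = re.compile(r"^(\S+)\s+(\d+)\s+(\w+)\s+(.*)$")
# CREATE [AGGREGATE] FUNCTION name RETURNS type SONAME 'library'
UDF_REGISTER = re.compile(
    r"\bCREATE\s+(?:AGGREGATE\s+)?FUNCTION\s+(\w+)\s+RETURNS\s+\w+\s+SONAME\s+'([^']+)'", re.I)
# Server-side file write; into plugin_dir it is the classic way to stage a UDF library.
FILE_WRITE = re.compile(r"\bINTO\s+(?:DUMPFILE|OUTFILE)\s+'([^']+)'", re.I)
# Reconnaissance of the UDF machinery: where plugin_dir is, what is already registered.
RECON = re.compile(r"\bmysql\.func\b|@@(?:global\.)?plugin_dir\b", re.I)
ACCESS_DENIED = re.compile(r"Access denied for user '([^']*)'@'([^']+)'")


def parse_general_log(text):
    """Yield (timestamp, thread_id, command, argument) per well-formed line.
    Multi-line statements are not reassembled; only their first line is seen."""
    for line in text.splitlines():
        m = GENERAL_LINE.match(line)
        if m:
            ts, thread, cmd, arg = m.groups()
            yield ts, int(thread), cmd, arg


def find_udf_activity(text):
    """Flag statements that register, stage, or scout for a UDF library."""
    findings = []
    for ts, thread, cmd, arg in parse_general_log(text):
        if cmd.lower() != "query":
            continue
        m = UDF_REGISTER.search(arg)
        if m:
            findings.append({"ts": ts, "thread": thread, "kind": "udf_register",
                             "function": m.group(1), "library": m.group(2)})
            continue
        m = FILE_WRITE.search(arg)
        if m:
            path = m.group(1)
            kind = "plugin_dir_write" if "plugin" in path.lower() else "file_write"
            findings.append({"ts": ts, "thread": thread, "kind": kind, "path": path})
            continue
        if RECON.search(arg):
            findings.append({"ts": ts, "thread": thread, "kind": "recon", "statement": arg})
    return findings


def udf_drop_threads(findings):
    """Connections that both wrote into plugin_dir and registered a UDF: high confidence."""
    kinds_by_thread = {}
    for f in findings:
        kinds_by_thread.setdefault(f["thread"], set()).add(f["kind"])
    return sorted(t for t, kinds in kinds_by_thread.items()
                  if {"plugin_dir_write", "udf_register"} <= kinds)


def brute_force_sources(text, threshold=5):
    """Return {client host: failed-login count} for hosts at or above the threshold."""
    per_host = Counter()
    for line in text.splitlines():
        m = ACCESS_DENIED.search(line)
        if m:
            per_host[m.group(2)] += 1
    return {host: n for host, n in per_host.items() if n >= threshold}


if __name__ == "__main__":
    hits = find_udf_activity(GENERAL_LOG)
    for hit in hits:
        print(hit)
    print("UDF drop on threads:", udf_drop_threads(hits))
    print("brute-force sources:", brute_force_sources(ERROR_LOG))
```

<p>On the sample above, thread 12 is reported for both the plugin-directory write and the <em>CREATE FUNCTION</em> statement, and 203.0.113.7 is reported as a brute-force source after its sixth failure. The general log is off by default and costly on a busy server; on production systems the same patterns are better taken from the audit log plugin or from a query-log forwarder, but the matching logic is identical.</p>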